- (djm) Clear supplemental groups at sshd start to prevent them from

being propogated to random PAM modules. Based on patch from Redhat via Pekka Savola <pekkas@netcore.fi>
2025-01-30 05:32:46 +00:00 · 2001-09-15 21:12:49 +10:00 · 2001-09-15 21:12:49 +10:00 · ebf989e601
commit ebf989e601
parent ba6f9f9e49
2 changed files with 8 additions and 1 deletions
--- a/5
+++ b/5
@ -5,6 +5,9 @@
   Redhat
 - (djm) Redhat initscript config sanity checking from Pekka Savola 
   <pekkas@netcore.fi>
+ - (djm) Clear supplemental groups at sshd start to prevent them from 
+   being propogated to random PAM modules. Based on patch from Redhat via
+   Pekka Savola <pekkas@netcore.fi>

 20010914
 - (bal) OpenBSD CVS Sync
@ -6436,4 +6439,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1518 2001/09/15 11:03:10 djm Exp $
+$Id: ChangeLog,v 1.1519 2001/09/15 11:12:49 djm Exp $
--- a/sshd.c
+++ b/sshd.c
@ -782,6 +782,10 @@ main(int ac, char **av)
 		log_stderr = 1;
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);

+	/* Make supp. groups don't get propogated to PAM modules */
+	if (setgroups(0, NULL) < 0)
+		fatal("setgroups() failed: %.200s", strerror(errno));
+
 	/*
 	 * If not in debugging mode, and not started from inetd, disconnect
 	 * from the controlling terminal, and fork.  The original process